Executive Briefing September 22, 2017

HILL UPDATE

Politico’s Morning Cybersecurity newsletter reported on comments by Majority Whip Sen. John Cornyn while speaking on the Senate floor that the time is “fast approaching” to renew Section 702 programs. Cornyn voiced his support for a letter sent last week by Attorney General Jeff Sessions and Director of National Intelligence Dan Coats to congressional leaders pressing for Section 702 to be renewed permanently with no changes.

ARTICLE SUMMARY

Law360 reported on the recently filed DOJ reply brief in Microsoft’s warrant case, which detailed that Google will not continue challenging Stored Communications Act (SCA) warrants for overseas data if the warrants are issued outside of the Second Circuit. Outlets noted DOJ’s argument that Google’s policy change is further proof that the Supreme Court needs to weight in to create a uniform standard for warrants issued under the SCA. In a statement, Google expressed its support for ICPA as a legislative solutionand noted that the company will continue to follow the Second Circuit ruling in that district, and is “appealing some of the cases where lower courts have decided not to follow” the Second Circuit’s ruling.

The EU is pushing ahead with plans to rewrite tax rules for technology companies, aimed at increasing governments’ take from the likes of Google, Facebook and Amazon. The European commission is looking at ways to capture tax from companies that may have no offices, shops or other physical presence in a country, but are accruing profits through large numbers of online users or customers. A report published by the commission on Thursday said technology companies paid less than half the tax of bricks-and-mortar businesses.

WASHINGTON (Reuters) – The Trump administration is making it more difficult for skilled foreigners to work in the United States, challenging visa applications more often than at nearly any point in the Obama era, according to data reviewed by Reuters. The more intense scrutiny of the applications for H-1B visas comes after President Donald Trump called for changes to the visa program so that it benefits the highest-paid workers, though he has not enacted any such reforms. Data provided by U.S. Citizenship and Immigration Services shows that between Jan. 1 and Aug. 31, the agency issued 85,000 challenges, or “requests for evidence” (RFEs), to H-1B visa petitions – a 45 percent increase over the same period last year. The total number of H-1B petitions rose by less than 3 percent in the same period.

WASHINGTON — Last month, Facebook and Google came out forcefully against a bill that would hold companies accountable for hosting sex trafficking on their websites. They said that while they worked hard to combat sex trafficking, changing the law “jeopardizes bedrock principles of a free and open internet” that have been crucial to innovation for decades. By this week, the two companies were hoping to reach a compromise with lawmakers, an acknowledgment that they could not stop the bill entirely because of strong political headwinds. The shifting position illustrates the changing political reality in Washington for some of the country’s biggest technology companies. After years of largely avoiding regulation, businesses like Facebook, Google and Amazon are a focus of lawmakers, some of whom are criticizing the expanding power of big tech companies and their role in the 2016 election.

Facebook has conceded that technology companies could do more to counter online extremism after Theresa May and the French president, Emmanuel Macron, proposed fining firms that move too slowly to remove extremist content being shared by terrorist groups. The social media giant told a meeting between political leaders and its own executives as well as others from Google and Microsoft at the United Nations general assembly in New York that it is now employing thousands of content reviewers around the globe and a staff of 150 people dedicated to countering terrorism on its platform in an attempt to remove more extremist content.

Apple CEO Tim Cook gave new and detailed comments on immigration and the Deferred Action for Childhood Arrivals program while he was on a panel with Michael Bloomberg at a conference on Wednesday. Immigration is “the biggest issue of our time,” Cook said. “This goes to the values of being American.” In August, the Trump administration announced that it planned to end a program known as DACA, or the Deferred Action for Childhood Arrivals program, although it eventually backed off. In response, Cook said in an internal Apple post that 250 Apple employees are covered under DACA, and that he supported the so-called “Dreamers” at Apple.

Candidates are quizzing prospective campaign managers on anti-hacking plans. Democratic committees like the Democratic Congressional Campaign Committee, which was breached last year, have switched internally from email to encrypted messaging apps. And both parties are feverishly trying to spread advice and best practices to new campaigns before they become targets. The political world is officially obsessed with cybersecurity in 2017 — especially the Democrats burned by the hacking of their committees and operatives during the 2016 election. Much of the Democratic Party’s permanent apparatus has already changed its day-to-day operations as a result, while beginning the slow process of persuading its decentralized, startup-like campaign ecosystem to follow suit.

Five years ago this month, the first “inter partes review” began, a process laid out in the America Invents Act, which was passed in 2011. In a piece of legislation that was timid in its scope, the IPR process gave some hope to those in the tech sector who hoped to reduce the scourge of so-called “patent trolls.” Now that IPRs are seeing their five-year anniversary, it’s a good time to take stock of the process. That’s especially true since the Supreme Court will take a close look at IPRs when it hears Oil States Energy Services v. Greene’s Energy Group, a case that challenges the constitutional basis of IPRs.

Seven months ago, California legislators first began debating a bill that would have prevented Internet providers from collecting and selling user data without permission. But when the state assembly wrapped up its 2017 session, that proposal never got a vote. The bill, called A.B. 375, was originally introduced on Feb 9 (though it was greatly revised in the months that followed). Had it been passed, it would have required service providers—which include telecom companies such as Verizon and AT&T—to obtain a customer’s permission before that data was used, shared or sold. It would also have prevented providers from charging customers who refused to grant that permission a higher fee.

BEIJING (Reuters) – China’s commerce ministry on Monday uneveiled a four-month crackdown, running from September until the end of 2017, to protect the intellectual property rights of companies with foreign investors. In a statement on its website, the ministry said China would target theft of business secrets, knockoffs of well-known brands, the trade of goods in violation of intellectual property rights and take steps to protect copyrighted material.

India is poised to emerge as an economic superpower, driven in part by its young population, while China and the Asian Tigers age rapidly, according to Deloitte LLP. The number of people aged 65 and over in Asia will climb from 365 million today to more than half a billion in 2027, accounting for 60 percent of that age group globally by 2030, Deloitte said in a report Monday. In contrast, India will drive the third great wave of Asia’s growth – following Japan and China — with a potential workforce set to climb from 885 million to 1.08 billion people in the next 20 years and hold above that for half a century.

For years, tech companies have been viewed favorably by most Americans, as sites like Amazon and Google benefitted from reputations as cutting-edge and innovative businesses. But within the past year, the relationship between the tech industry and Washington has been marked by tougher scrutiny from regulators and a new political climate that makes it increasingly harder for companies — either willingly or unwillingly — to stay out of politics.

In coverage of the first annual review of the EU-U.S. Privacy Shield agreement, Law360 highlighted that concerns around U.S. government spying under the Trump administration and cross-border requests for data will be among the most pressing issues discussed by policymakers. Law360 reported that Google’s recent decision to comply with SCA warrants outside the Second Circuit will likely be a point of discussion.

Op-ed on Privacy Shield review: President and CEO Victoria A. Espinel wrote, “the EU-US Privacy Shield achieves the right balance between data protection and the need for uninterrupted data flows.” She added, “the Privacy Shield’s more robust framework provides businesses with the legal certainty they need to continue operating and innovating, a fact reflected in its rapid adoption by companies both large and small, US and European.” (EURACTIV – Privacy Shield: A strong framework for transatlantic digital trade, By Victoria A. Espinel, September 18, 2017)

Statement on ICPA: BSA praised “Representatives Doug Collins, Hakeem Jeffries, Darrell Issa, and Suzan DelBene for introducing the International Communications Privacy Act (ICPA) in the House.” Additionally, BSA “signed a joint letter to the sponsors voicing industry support for the bill.” Vice president of legislative strategy Craig Albright stated, “ICPA would modernize the United States’ approach to these challenges, while striking a balance between citizens’ privacy rights and law enforcement’s need to gather evidence for criminal investigations.” (BSA STATEMENT – BSA | The Software Alliance Voices Support for ICPA in Joint Industry Letter, September 15, 2017)

Human Rights Watch

Human Rights Watch published a letter co-signed by 21 civil liberties advocacy groups, including ACLU, EFF and CDT, urging Congress to oppose proposed legislation enabling bilateral agreements, like the US-UK agreement, for cross-border access to data. The groups argue that the proposed bill would empower certain foreign governments to bypass the current MLAT process and “eliminates many key safeguards provided under current law that protect the rights of individuals inside and outside the United States.” The letter drove subsequent reporting by The Hill, which also recapped discussion of the legislation and US-UK agreement during the MaySenate Judiciary Subcommittee hearing on access to data stored abroad. (Coalition Letter on Cross-Border Data Deal September 20, 2017)

Information Technology Industry Council (ITI)

Statement on E.U. tax proposal: “We respect the European Commission’s desire to develop a tax code that works for its people, economy, and businesses,” said President and CEO Dean Garfield. “As active participants in the European economy, we urge the European Commission to recognize the integrated and increasingly global nature of capital.” He added, “Furthermore, we also urge Congress and the administration to modernize the U.S. tax code by passing pro-growth tax reform that levels the playing field for U.S. companies.” (ITI STATEMENT – After E.U. Tax Proposal, Tech Industry Calls for Modernization of U.S. Tax Code, September 21, 2017)

Statement on government cybersecurity: Senior Vice President for the Public Sector Trey Hodgkinssaid in a statement, “By passing the MGT Act, the Senate took an important step in updating our archaic government technology that currently leaves us vulnerable to cyberattacks.” He added, “Couple that with the fact that we spend the majority of our $80 billion IT budget to maintain legacy systems, this bill is a win for taxpayers’ wallets while also protecting their information.” (ITI STATEMENT – Tech Applauds the Senate for Passing MGT Act, September 18, 2017)

Statement on EU-U.S. Privacy Shield: Garfield stated, “This week’s annual review provides a golden opportunity for the United States and European Union to reaffirm the Privacy Shield as a critical tool for companies of all sizes to reliably move data across the Atlantic, while maintaining citizens’ rights to strong privacy and data protection.”He added, “We are confident the review will validate Privacy Shield as a win not only for the protection of EU and U.S. citizens’ privacy, but also for innovation, job creation, and economic growth.” (ITI STATEMENT – EU-U.S. Privacy Shield Annual Review, September 18, 2017)

Information Technology and Innovation Foundation (ITIF)

Essay on the future of work: President Robert D. Atkinson wrote that “instead of fretting about tech killing jobs, we should instead be worrying about how the heck are we ever going to raise productivity growth rates, which have been at all-time lows over the last decade.” He added, “we should we all calm down and not panic over the robot assault” because “technological change has always been gradual and always will be.”(ITIF ESSAY – Artificial Intelligence, Robotics, and the Future of Work: Myths and Facts, By Robert D. Atkinson, September 19, 2017)

Blog post on California’s broadband privacy bill: Senior analyst Doug Brake argued, “State-level broadband privacy laws are not needed. All major broadband providers offer consumers the ability to opt out of data collection programs, plus where information is shared it is typically de-identified and aggregated with other users.” (ITIF BLOG – Good Riddance: California’s Broadband Privacy Bill Was Unnecessary and Unhelpful, By Doug Brake, September 18, 2017)

Internet Association

Statement on EU-U.S. Privacy Shield President and CEO Michael Beckerman stated, “The internet industry commends the EU and U.S. for the painstaking groundwork done in preparation for a successful Privacy Shield annual review. In particular, we wish to thank Secretary Ross and Commissioner Jourova for their commitment to the review process and the framework itself.” He added, “They and their teams have made significant progress in implementing the framework in a cooperative and constructive manner. More than 2,300 companies, large and small, have signed up for Privacy Shield since it came into force, making it a key tool facilitating transatlantic commerce. It is essential that stakeholders on both sides of the Atlantic to stand by the agreement as the review process moves forward.” (ITI STATEMENT – Statement On The First Privacy Shield Annual Review, September 18, 2017)

New America

Letter to Congress on data access: The Open Technology Institute (OTI), “as part of a broad coalition of privacy and human rights organizations, sent a letter to Congress today opposing proposed legislation that would grant foreign governments easy access to electronic communications data, like emails, held in the United States.” Moreover, the letter explained “that the organizations have ‘serious concerns’ because the draft legislation proposed by the Justice Department poses threats to privacy, civil liberties, and human rights.” (NEW AMERICA PRESS RELEASE – OTI and Coalition Oppose Proposal to Provide Foreign Governments Access to U.S. Communications Data, September 20, 2017)

Blog post on California’s broadband privacy bill: Policy counsel Eric Null wrote, “While the California legislature was debating its broadband privacy bill this summer, the Council of the District of Columbia proposed its own broadband privacy protection legislation called the Broadband Internet Privacy Act of 2017 (B22-0403). This bill (much like the California bill) largely mirrors the now-repealed FCC rule. While the bill needs some tweaking, it is a significant step in the right direction for D.C. residents.”(NEW AMERICA BLOG – As California Drops Broadband Privacy (for Now), D.C. Picks It Up, By Eric Null, September 19, 2017)

TechNet

Statement on government cybersecurity: President and CEO Linda Moore stated, “The MGT Act will help put an end to the federal government spending 80 percent of its $80 billion IT budget on maintaining aging, insecure, and expensive legacy systems.” She added, “Relying on outdated IT systems is unacceptable in an era of relentless cyberattacks, and because it often undermines the federal government’s ability to properly serve taxpayers, veterans, and other citizens seeking assistance.”(TECHNET STATEMENT – NDAA Passes Senate with Modernizing Government Technology Act Included, September 18, 2017)

U.S. Chamber of Commerce

Blog post on EU-U.S. Privacy Shield: Senior manager Kara Sutton argued, “The Privacy Shield is vitally important for American and European companies to continue to transfer data across the Atlantic and do business and sets a high standard for the protection of consumer data.” She added, “It has filled the void of uncertainty following the European Court of Justice’s invalidation of its predecessor, the Safe Harbor Framework.” (U.S. CHAMBER OF COMMERCE BLOG – Privacy Shield: What Successful Transatlantic Cooperation Looks Like, By Kara Sutton, September 18, 2017)

NOTABLE QUOTES

“Congress must reauthorize this critical national security tool but not without reforms… The House Judiciary Committee is working hard to achieve consensus to reform and reauthorize FISA Section 702, consulting all interested parties including the White House, national security agencies, and privacy advocates.”

“Facebook should not be able to hide behind privacy or data protection rules to avoid cooperating. This is not about privacy or free speech, this is not about government overreach – this is about doing the baseline anti-fraud work that would be expected of every other industry.”

“The EU will no doubt take a hard and close look at the deployment of Privacy Shield on the ground, including not only adherence by companies and oversight by the FTC, but also checks on government surveillance under the new US administration.”

“EPIC has frequently written to Congress, PCLOB, and agency CPOs about similar issues… And we will now add the DOJ Insider Threat database to our list of programs that we expect officials charged with oversight of the DOJ to investigate.”

“[Facebook has a] kind of have a reputation within law enforcement for being less cooperative, and only giving information when they’ve received court orders and they’re sticklers about that… But certainly the fact that Facebook would require a court order doesn’t surprise me at all.”

“Surveillance oversight issues were really the reason underlying the Schrems case, and Washington has been slow to reassemble agencies like PCLOB after the election, so it’s likely that these issues will be examined.”

“Under the third-party doctrine, Fourth Amendment privacy protections are lost when otherwise private information is freely shared. In its current form, application of the third-party doctrine suggests that any communication you have with your personal digital assistant may be subject to search and compelled disclosure because it is freely shared with the service provider. This would clearly seem to be the case with verbal interactions occurring after wake-word activation, but what about recordings that may have been unintentional, or worse, surreptitious?”

“We’re continuing to follow the Second Circuit Court of Appeals’ decision and will decline to produce data stored overseas in courts that fall within that circuit. To seek consistency in the law, we are appealing some of the cases where lower courts have decided not to follow the ruling of the Second Circuit Court of Appeals. This discrepancy in court decisions is yet another reminder that data surveillance laws need to be modernized to safeguard users’ privacy, protect law enforcement’s legitimate need to collect digital evidence, and provide clarity. We are pleased that both houses of Congress have introduced bills that address these issues.”